Did you know on some application forms you can manipulate the URL and have the candidate’s job application redirected to someone else’s email address? Job boards, career/recruitment websites are already a haven for identity thieves and this "oversight" on your application form is fueling their business!

You would think by now that recruitment technology providers, job board developers, risk management experts would be able to identify security risks in the candidates job application process. But alas, no - there are still many examples of this security risk present on application forms.

So what exactly am I talking about?

When a candidate applies for a job, they are usually redirected to an online application form. The application form URL may contain the destination email address (usually the recruitment consultant or inbox email address).

This is BAD!

If you change the email address in the URL you maybe able to redirect the candidate’s application to another email address. Guess what? You would not even be aware this may be happening on your application forms already!

This is not an issue which is going to go away. If your application form has an email address in the URL you need to immediately fix this problem!

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

Jamie (2:03am Thursday 11 February 2010)

Tisk tisk. How could programmers get away with this.

Najara V. (2:13am Thursday 11 February 2010)

Shame on the whole recruitment industry for not taking security seriously.

It's only a matter of time before a recruitment agency gets exposed for a lack of online security.

What about the poor candidate? I feel sorry for them.

Name and shame.
Name and shame.

J (10:38am Thursday 11 February 2010)

Would these recruiters be part of the RCSA?

Tony B. (2:59pm Sunday 14 February 2010)

This is probably one of the best information sources for recruiters. Well done to Recruitment Directory for providing this. I can't wait to see what blog post is next?

Thomas, are you currently working fulltime for a job board or still freelancing? Drop me an email I have some work for you on our job board.

Keep up the good work.

Tony.

John (11:31am Monday 15 February 2010)

I'm not sure what you think the security risk is. Who are you saying would change the URL? The candidate? Why would they do that? The job board? That seems like a pretty average way to protect your revenue stream.